DOP-C02 Preparation Details
The AWS Certified DevOps Engineer – Professional (DOP-C02) is one of the most challenging professional-tier AWS certifications, designed for engineers with deep experience building, automating, and managing distributed systems on AWS.
Passing DOP-C02 demonstrates expertise across six weighted domains: SDLC automation, configuration management and infrastructure as code, resilient cloud solutions, monitoring and logging, incident and event response, and security and compliance.
This study guide maps every domain, task statement, and individual objective to verified official AWS documentation links, giving you a reliable reference as you prepare for the exam’s 65 scored questions. A scaled score of 750 or higher is required to pass.
AWS DevOps Engineer Prep
| Udemy | AWS Certified DevOps Engineer Professional |
| Coursera | AWS Certified DevOps Engineer Professional Specialization |
Content Domain 1: SDLC Automation (22% of scored content)
Task Statement 1.1: Implement CI/CD pipelines.
Knowledge of: Software development lifecycle (SDLC) concepts, phases, and models
Knowledge of: Pipeline deployment patterns for single- and multi-account environments
Managing stacks across accounts and Regions with StackSets
Skills in: Configuring code, image, and artifact repositories
What is Amazon Elastic Container Registry?
What is Amazon Simple Storage Service?
Skills in: Using version control to integrate pipelines with application environments
Skills in: Setting up build processes (for example, AWS CodeBuild)
Skills in: Managing build and deployment secrets (for example, AWS Secrets Manager, AWS Systems Manager Parameter Store)
AWS Systems Manager Parameter Store
Skills in: Determining appropriate deployment strategies (for example, AWS CodeDeploy)
Working with the CodeDeploy agent
Task Statement 1.2: Integrate automated testing into CI/CD pipelines.
Knowledge of: Different types of tests (for example, unit tests, integration tests, acceptance tests, user interface tests, security scans)
Knowledge of: Reasonable use of different types of tests at different stages of the CI/CD pipeline
Skills in: Running builds or tests when generating pull requests or code merges (for example, CodeBuild)
Skills in: Running load/stress tests, performance benchmarking, and application testing at scale
Amazon EC2 Auto Scaling User Guide
Skills in: Measuring application health based on application exit codes
Skills in: Automating unit tests and code coverage
Skills in: Invoking AWS services in a pipeline for testing
Task Statement 1.3: Build and manage artifacts.
Knowledge of: Artifact use cases and secure management
Knowledge of: Methods to create and generate artifacts
Knowledge of: Artifact lifecycle considerations
What is Amazon Simple Storage Service?
Skills in: Creating and configuring artifact repositories (for example, AWS CodeArtifact, Amazon S3, Amazon Elastic Container Registry [Amazon ECR])
What is Amazon Simple Storage Service?
What is Amazon Elastic Container Registry?
Skills in: Configuring build tools for generating artifacts (for example, CodeBuild, AWS Lambda)
Skills in: Automating Amazon EC2 instance and container image build processes (for example, EC2 Image Builder)
What is Amazon Elastic Container Registry?
Task Statement 1.4: Implement deployment strategies for instance, container, and serverless environments.
Knowledge of: Deployment methodologies for various platforms (for example, Amazon EC2, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], Lambda)
Knowledge of: Application storage patterns (for example, Amazon Elastic File System [Amazon EFS], Amazon S3, Amazon Elastic Block Store [Amazon EBS])
What is Amazon Elastic File System?
What is Amazon Simple Storage Service?
What is Amazon Elastic Block Store?
Knowledge of: Mutable deployment patterns in contrast to immutable deployment patterns
Knowledge of: Tools and services available for distributing code (for example, CodeDeploy, Image Builder)
Skills in: Configuring security permissions to allow access to artifact repositories (for example, AWS Identity and Access Management [IAM], CodeArtifact)
Skills in: Configuring deployment agents (for example, CodeDeploy agent)
Working with the CodeDeploy agent
Skills in: Troubleshooting deployment issues
Skills in: Using different deployment methods (for example, blue/green, canary)
Content Domain 2: Configuration Management and IaC (17% of scored content)
Task Statement 2.1: Define cloud infrastructure and reusable components to provision and manage systems throughout their lifecycle.
Knowledge of: Infrastructure as code (IaC) options and tools for AWS
What is the AWS Serverless Application Model (AWS SAM)?
Knowledge of: Change management processes for IaC-based platforms
Managing stacks across accounts and Regions with StackSets
Knowledge of: Configuration management services and strategies
Skills in: Composing and deploying IaC templates (for example, AWS Serverless Application Model [AWS SAM], AWS CloudFormation, AWS Cloud Development Kit [AWS CDK])
What is the AWS Serverless Application Model (AWS SAM)?
Skills in: Applying CloudFormation stack sets across multiple accounts and AWS Regions
Managing stacks across accounts and Regions with StackSets
Skills in: Determining optimal configuration management services (for example, AWS OpsWorks, AWS Systems Manager, AWS Config, AWS AppConfig)
Skills in: Implementing infrastructure patterns, governance controls, and security standards into reusable IaC templates (for example, AWS Service Catalog, CloudFormation modules, AWS CDK)
Task Statement 2.2: Deploy automation to create, onboard, and secure AWS accounts in a multi-account or multi-Region environment.
Knowledge of: AWS account structures, best practices, and related AWS services
Skills in: Standardizing and automating account provisioning and configuration
Skills in: Creating, consolidating, and centrally managing accounts (for example, AWS Organizations, AWS Control Tower)
Skills in: Applying IAM solutions for multi-account and complex organization structures (for example, SCPs, assuming roles)
Skills in: Implementing and developing governance and security controls at scale (AWS Config, AWS Control Tower, AWS Security Hub, Amazon Detective, Amazon GuardDuty, Service Catalog, SCPs)
Task Statement 2.3: Design and build automated solutions for complex tasks and large-scale environments.
Knowledge of: AWS services and solutions to automate tasks and processes
Knowledge of: Methods and strategies to interact with the AWS software-defined infrastructure
Skills in: Automating system inventory, configuration, and patch management (for example, Systems Manager, AWS Config)
AWS Systems Manager Patch Manager
Skills in: Developing AWS Lambda function automations for complex scenarios (for example, AWS SDKs, Lambda, AWS Step Functions)
Skills in: Automating the configuration of software applications to the desired state (for example, OpsWorks, Systems Manager State Manager)
AWS Systems Manager State Manager
Skills in: Maintaining software compliance (for example, Systems Manager)
AWS Systems Manager Patch Manager
Content Domain 3: Resilient Cloud Solutions (15% of scored content)
Task Statement 3.1: Implement highly available solutions to meet resilience and business requirements.
Knowledge of: Multi-AZ and multi-Region deployments (for example, compute layer, data layer)
Knowledge of: SLAs
What is Elastic Load Balancing?
Knowledge of: Replication and failover methods for stateful services
Knowledge of: Techniques to achieve high availability (for example, Multi-AZ, multi-Region)
What is Elastic Load Balancing?
Amazon EC2 Auto Scaling User Guide
Skills in: Translating business requirements into technical resiliency needs
What is Elastic Load Balancing?
Skills in: Identifying and remediating single points of failure in existing workloads
Amazon EC2 Auto Scaling User Guide
What is Elastic Load Balancing?
Skills in: Enabling cross-Region solutions where available (for example, Amazon DynamoDB, Amazon RDS, Amazon Route 53, Amazon S3, Amazon CloudFront)
What is Amazon Simple Storage Service?
Skills in: Configuring load balancing to support cross-AZ services
What is Elastic Load Balancing?
Skills in: Configuring applications and related services to support multiple Availability Zones and AWS Regions while minimizing downtime
What is Elastic Load Balancing?
Amazon EC2 Auto Scaling User Guide
Task Statement 3.2: Implement solutions that are scalable to meet business requirements.
Knowledge of: Appropriate metrics for scaling services
Amazon EC2 Auto Scaling User Guide
Knowledge of: Loosely coupled and distributed architectures
What is Amazon Simple Queue Service?
What is Amazon Simple Notification Service?
Knowledge of: Serverless architectures
Knowledge of: Container platforms
Skills in: Identifying and remediating scaling issues
Amazon EC2 Auto Scaling User Guide
Skills in: Identifying and implementing appropriate auto scaling, load balancing, and caching solutions
Amazon EC2 Auto Scaling User Guide
What is Elastic Load Balancing?
Skills in: Deploying container-based applications (for example, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS])
Skills in: Deploying workloads in multiple Regions for global scalability
Skills in: Configuring serverless applications (for example, Amazon API Gateway, AWS Lambda, AWS Fargate)
Task Statement 3.3: Implement automated recovery processes to meet RTO and RPO requirements.
Knowledge of: Disaster recovery concepts (for example, RTO, RPO)
Knowledge of: AWS Backup and recovery strategies (for example, pilot light, warm standby)
Knowledge of: Recovery procedures
Skills in: Testing failover of Multi-AZ and multi-Region workloads (for example, Amazon RDS, Amazon Aurora, Route 53, CloudFront)
Skills in: Identifying and implementing appropriate cross-Region AWS Backup and recovery strategies (for example, AWS Backup, Amazon S3, AWS Systems Manager)
What is Amazon Simple Storage Service?
Skills in: Configuring a load balancer to recover from backend failure
What is Elastic Load Balancing?
Content Domain 4: Monitoring and Logging (15% of scored content)
Task Statement 4.1: Configure the collection, aggregation, and storage of logs and metrics.
Knowledge of: How to monitor applications and infrastructure
What is Amazon CloudWatch Logs?
Knowledge of: Amazon CloudWatch metrics (for example, namespaces, metrics, dimensions, and resolution)
What is Amazon CloudWatch Logs?
Knowledge of: Real-time log ingestion
What is Amazon Kinesis Data Streams?
What is Amazon Kinesis Data Firehose?
What is Amazon CloudWatch Logs?
Knowledge of: Encryption options for at-rest and in-transit logs and metrics (for example, client-side and server-side, AWS Key Management Service [AWS KMS])
What is AWS Key Management Service?
What is Amazon CloudWatch Logs?
Knowledge of: Security configurations (for example, IAM roles and permissions to allow for log collection)
What is Amazon CloudWatch Logs?
Skills in: Securely storing and managing logs
What is Amazon CloudWatch Logs?
What is Amazon Simple Storage Service?
What is AWS Key Management Service?
Skills in: Creating CloudWatch metrics from log events by using metric filters
What is Amazon CloudWatch Logs?
Skills in: Creating CloudWatch metric streams (for example, Amazon S3 or Amazon Kinesis Data Firehose options)
What is Amazon Kinesis Data Firehose?
Skills in: Collecting custom metrics (for example, using the CloudWatch agent)
Collect metrics, logs, and traces using the CloudWatch agent
Skills in: Managing log storage lifecycles (for example, Amazon S3 lifecycles, CloudWatch log group retention)
What is Amazon CloudWatch Logs?
What is Amazon Simple Storage Service?
Skills in: Processing log data by using CloudWatch log subscriptions (for example, Amazon Kinesis, AWS Lambda, Amazon OpenSearch Service)
What is Amazon CloudWatch Logs?
What is Amazon Kinesis Data Streams?
What is Amazon OpenSearch Service?
Skills in: Searching log data by using filter and pattern syntax or Amazon CloudWatch Logs Insights
Analyzing log data with CloudWatch Logs Insights
What is Amazon CloudWatch Logs?
Skills in: Configuring encryption of log data (for example, AWS KMS)
What is AWS Key Management Service?
What is Amazon CloudWatch Logs?
Task Statement 4.2: Audit, monitor, and analyze logs and metrics to detect issues.
Knowledge of: Anomaly detection alarms (for example, CloudWatch anomaly detection)
Using Amazon CloudWatch alarms
Knowledge of: Common CloudWatch metrics and logs (for example, CPU utilization with Amazon EC2, queue length with Amazon RDS, 5xx errors with an Application Load Balancer [ALB])
What is Amazon CloudWatch Logs?
Knowledge of: Amazon Inspector and common assessment templates
Knowledge of: AWS Config rules
Knowledge of: AWS CloudTrail log events
Skills in: Building CloudWatch dashboards and Amazon QuickSight visualizations
Using Amazon CloudWatch dashboards
Skills in: Associating CloudWatch alarms with CloudWatch metrics (standard and custom)
Using Amazon CloudWatch alarms
Skills in: Configuring AWS X-Ray for different services (for example, containers, Amazon API Gateway, Lambda)
Skills in: Analyzing real-time log streams (for example, using Amazon Kinesis Data Streams)
What is Amazon Kinesis Data Streams?
What is Amazon CloudWatch Logs?
Skills in: Analyzing logs with AWS services (for example, Amazon Athena, CloudWatch Logs Insights)
Analyzing log data with CloudWatch Logs Insights
Task Statement 4.3: Automate monitoring and event management of complex environments.
Knowledge of: Event-driven, asynchronous design patterns (for example, S3 Event Notifications or Amazon EventBridge events to Amazon Simple Notification Service [Amazon SNS] or Lambda)
What is Amazon Simple Notification Service?
What is Amazon Simple Storage Service?
Knowledge of: Capabilities of auto scaling for a variety of AWS services (for example, EC2 Auto Scaling groups, RDS storage auto scaling, Amazon DynamoDB, Amazon Elastic Container Service [Amazon ECS] capacity provider, Amazon Elastic Kubernetes Service [Amazon EKS] autoscalers)
Amazon EC2 Auto Scaling User Guide
Knowledge of: Alert notification and action capabilities (for example, CloudWatch alarms to Amazon SNS, Lambda, EC2 automatic recovery)
Using Amazon CloudWatch alarms
What is Amazon Simple Notification Service?
Knowledge of: Health check capabilities in AWS services (for example, ALB target groups, Amazon Route 53)
What is Elastic Load Balancing?
Skills in: Configuring solutions for auto scaling (for example, DynamoDB, EC2 Auto Scaling groups, RDS storage auto scaling, ECS capacity provider)
Amazon EC2 Auto Scaling User Guide
Skills in: Creating CloudWatch custom metrics and metric filters, alarms, and notifications (for example, Amazon SNS, Lambda)
Using Amazon CloudWatch alarms
What is Amazon Simple Notification Service?
Skills in: Configuring S3 events to process log files (for example, by using Lambda) and deliver log files to another destination (for example, OpenSearch Service, CloudWatch Logs)
What is Amazon Simple Storage Service?
What is Amazon OpenSearch Service?
What is Amazon CloudWatch Logs?
Skills in: Configuring EventBridge to send notifications based on a particular event pattern
What is Amazon Simple Notification Service?
Skills in: Installing and configuring agents on EC2 instances (for example, AWS Systems Manager Agent [SSM Agent], CloudWatch agent)
Collect metrics, logs, and traces using the CloudWatch agent
Skills in: Configuring AWS Config rules to remediate issues
Skills in: Configuring health checks (for example, Route 53, ALB)
What is Elastic Load Balancing?
Content Domain 5: Incident and Event Response (14% of scored content)
Task Statement 5.1: Manage event sources to process, notify, and take action in response to events.
Knowledge of: AWS services that generate, capture, and process events (for example, AWS Health, Amazon EventBridge, AWS CloudTrail)
Knowledge of: Event-driven architectures (for example, fan out, event streaming, queuing)
What is Amazon Simple Queue Service?
What is Amazon Kinesis Data Streams?
Skills in: Integrating AWS event sources (for example, AWS Health, EventBridge, CloudTrail)
Skills in: Building event processing workflows (for example, Amazon Simple Queue Service [Amazon SQS], Amazon Kinesis, Amazon Simple Notification Service [Amazon SNS], AWS Lambda, AWS Step Functions)
What is Amazon Simple Queue Service?
What is Amazon Kinesis Data Streams?
What is Amazon Simple Notification Service?
Task Statement 5.2: Implement configuration changes in response to events.
Knowledge of: Fleet management services (for example, AWS Systems Manager, AWS Auto Scaling)
Amazon EC2 Auto Scaling User Guide
Knowledge of: Configuration management services (for example, AWS Config)
Skills in: Applying configuration changes to systems
AWS Systems Manager Automation
Skills in: Modifying infrastructure configurations in response to events
Skills in: Remediating a non-desired system state
AWS Systems Manager Automation
Task Statement 5.3: Troubleshoot system and application failures.
Knowledge of: AWS metrics and logging services (for example, Amazon CloudWatch, AWS X-Ray)
Knowledge of: AWS service health services (for example, AWS Health, CloudWatch, Systems Manager OpsCenter)
Knowledge of: Root cause analysis
Skills in: Analyzing failed deployments (for example, AWS CodePipeline, AWS CodeBuild, AWS CodeDeploy, AWS CloudFormation, CloudWatch synthetic monitoring)
Skills in: Analyzing incidents regarding failed processes (for example, auto scaling, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS])
Amazon EC2 Auto Scaling User Guide
Content Domain 6: Security and Compliance (17% of scored content)
Task Statement 6.1: Implement techniques for identity and access management at scale.
Knowledge of: Appropriate usage of different IAM entities for human and machine access (for example, users, groups, roles, identity providers, identity-based policies, resource-based policies, session policies)
Knowledge of: Identity federation techniques (for example, using IAM identity providers and AWS IAM Identity Center)
Knowledge of: Permission management delegation by using IAM permissions boundaries
Permissions boundaries for IAM entities
Knowledge of: Organizational SCPs
Skills in: Designing policies to enforce least privilege access
Permissions boundaries for IAM entities
Skills in: Implementing role-based and attribute-based access control patterns
Skills in: Automating credential rotation for machine identities (for example, AWS Secrets Manager)
Skills in: Managing permissions to control access to human and machine identities (for example, enabling multi-factor authentication [MFA], AWS Security Token Service [AWS STS], IAM profiles)
Task Statement 6.2: Apply automation for security controls and data protection.
Knowledge of: Network security components (for example, security groups, network ACLs, routing, AWS Network Firewall, AWS WAF, AWS Shield)
Knowledge of: Certificates and public key infrastructure (PKI)
What is AWS Certificate Manager?
Knowledge of: Data management (for example, data classification, encryption, key management, access controls)
What is AWS Key Management Service?
Skills in: Automating the application of security controls in multi-account and multi-Region environments (for example, AWS Security Hub, AWS Organizations, AWS Control Tower, AWS Systems Manager)
Skills in: Combining security controls to apply defense in depth (for example, AWS Certificate Manager [ACM], AWS WAF, AWS Config, AWS Config rules, Security Hub, Amazon GuardDuty, security groups, network ACLs, Amazon Detective, Network Firewall)
What is AWS Certificate Manager?
Skills in: Automating the discovery of sensitive data at scale (for example, Amazon Macie)
Skills in: Encrypting data in transit and data at rest (for example, AWS Key Management Service [AWS KMS], AWS CloudHSM, ACM)
What is AWS Key Management Service?
What is AWS Certificate Manager?
Task Statement 6.3: Implement security monitoring and auditing solutions.
Knowledge of: Security auditing services and features (for example, AWS CloudTrail, AWS Config, VPC Flow Logs, AWS CloudFormation drift detection)
Knowledge of: AWS services for identifying security vulnerabilities and events (for example, GuardDuty, Amazon Inspector, IAM Access Analyzer, AWS Config)
Knowledge of: Common cloud security threats (for example, insecure web traffic, exposed AWS access keys, S3 buckets with public access enabled or encryption disabled)
Skills in: Implementing robust security auditing
Skills in: Configuring alerting based on unexpected or anomalous security events
Using Amazon CloudWatch alarms
Skills in: Configuring service and application logging (for example, CloudTrail, Amazon CloudWatch Logs)
What is Amazon CloudWatch Logs?
Skills in: Analyzing logs, metrics, and security findings
Analyzing log data with CloudWatch Logs Insights
Wrapping Up
This guide has walked through all six content domains of the AWS Certified DevOps Engineer – Professional (DOP-C02) exam, from CI/CD pipeline implementation and infrastructure as code through to security monitoring and compliance automation. Every individual knowledge and skills objective has been broken out with its own set of verified official AWS documentation links.
Use these links as targeted reading alongside hands-on practice — configuring CodePipeline workflows, writing CloudFormation templates, and setting up GuardDuty and Config rules will reinforce the concepts far more than reading alone.
You’ll find study guides for other AWS certifications, including associate and specialty exams, in the AWS certification category. If this guide helped you, feel free to share it or leave a comment below with any questions about your DOP-C02 preparation.
Follow Me to Receive Updates on DOP-C02 Exam
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.
